scsi: ufs: Fix stack overflow read in ufs debugfs driver

When getting string from userspace by simple_write_to_buffer
in ufs_qcom_dbg_testbus_cfg_write() function, the string
copied to configuration is not terminated with '\0'. Thus
stack overflow read may occur while copying configuration to
host->testbus.select_major, which will result in information
leak later while printing error message. This change adds null
character at the end of the input string to avoid information
leak.

Change-Id: Ic9a9204def4bd6976f42f5f80ae5c0a9730afeb1
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>

1 files changed, 2 insertions, 1 deletions

diff --git a/drivers/scsi/ufs/ufs-qcom-debugfs.c b/drivers/scsi/ufs/ufs-qcom-debugfs.c
index da670c0e31fa..494ecd1c5f79 100644
--- a/drivers/scsi/ufs/ufs-qcom-debugfs.c
+++ b/drivers/scsi/ufs/ufs-qcom-debugfs.c
@@ -111,7 +111,7 @@ static ssize_t ufs_qcom_dbg_testbus_cfg_write(struct file *file,
 				loff_t *ppos)
 {
 	struct ufs_qcom_host *host = file->f_mapping->host->i_private;
-	char configuration[TESTBUS_CFG_BUFF_LINE_SIZE] = {0};
+	char configuration[TESTBUS_CFG_BUFF_LINE_SIZE] = {'\0'};
 	loff_t buff_pos = 0;
 	char *comma;
 	int ret = 0;
@@ -128,6 +128,7 @@ static ssize_t ufs_qcom_dbg_testbus_cfg_write(struct file *file,
 			__func__);
 		goto out;
 	}
+	configuration[ret] = '\0';
 
 	comma = strnchr(configuration, TESTBUS_CFG_BUFF_LINE_SIZE, ',');
 	if (!comma || comma == configuration) {